In the Claims

Claims 1, 7, 13, 18, 22, 26-31 are amended.

Claims 32-34 are canceled.

Claims 1-31 are pending and are listed as follows:

1. (Currently Amended) A Web server input string screening method
comprising:

determining an attack pattern that can be used to attack a Web server, the
attack pattern comprising content that is [[designed to constitute]] is determined
constituting one or more of a disclosure attack or [[,]] an integrity attack
[[or a denial of service attack]] on the Web server,

defining a search pattern that can be used to detect the attack pattern, the
search pattern being defined in a manner that permits variability among its
constituent parts;

receiving an input string that is intended for use by a Web server;

evaluating the input string using the search pattern to ascertain whether the
attack pattern is present; and

implementing a remedial action if an attack pattern is found that matches
the search pattern.

2. (ORIGINAL) The Web server input string screening method of 
claim 1, wherein:

said defining comprises defining a plurality of different search patterns; and 
said evaluating comprises evaluating the input string using said plurality of 
different search patterns. 



3. (ORIGINAL) The Web server input string screening method of 
claim 1, wherein the search pattern is specified as a regular expression.

4. (ORIGINAL) The Web server input string screening method of 
claim 1, wherein said receiving of the input string comprises receiving a URL. 

5. (ORIGINAL) The Web server input string screening method of 
claim 1, wherein said receiving of the input string comprises receiving a portion of
an HTTP verb request.

6. (ORIGINAL) The Web server input string screening method of
claim 1, wherein said implementing comprises denying a request that is associated
with the input string.

7. (Currently Amended) A Web server input string screening method
comprising:

defining one or more search patterns that comprise literal characters and
special characters, wherein the literal characters indicate exact characters in an
input string that is intended for receipt by a Web server, and the special characters
indicate variable characters in an input string that is intended for receipt by the
Web server, the search patterns being usable to search for an attack pattern that
can be used to attack the Web server, the attack pattern comprising content that is
[[designed to constitute]] determined as constituting one or more of a disclosure
attack or [[,]] an integrity attack [[or a denial of service attack]] on the Web server;
and

storing the one or more search patterns in a memory location that is
accessible to a screening tool for evaluating an input string that is intended for
receipt by the Web server.

8. (ORIGINAL) The Web server input string screening method of 
claim 7 further comprising: 

retrieving a search pattern from the memory location; and
evaluating an input string with the screening tool by ascertaining whether
the input string includes at least a portion that matches the search pattern.

9. (ORIGINAL) The Web server input string screening method of 
claim 8, wherein the evaluating of the input string comprises evaluating a URL. 

10. (ORIGINAL) The Web server input string screening method of 
claim 8, wherein the evaluating of the input string comprises evaluating a portion 
of an HTTP verb request. 

11. (ORIGINAL) The Web server input string screening method of 
claim 7 further comprising implementing the screening tool as an extension for an 
existing Web server. 

12. (ORIGINAL) The Web server input string screening method of 
claim 7 further comprising implementing the screening tool as an ISAPI extension. 

13. (Currently Amended) A Web server input string screening method
comprising:

defining one or more search patterns that are specified as a regular
expression, the search patterns being usable to search for an attack pattern that can
be used to attack the Web server, the attack pattern comprising content that is
[[designed to constitute]] determined as constituting one or more of a disclosure
attack or [[,]] an integrity attack [[or a denial of service attack]] on the Web server,
and

storing the one or more search patterns in a memory location that is
accessible to a screening tool for evaluating an input string that is intended for
receipt by the Web server.

14. (ORIGINAL) The Web server input string screening method of 
claim 13 further comprising: 

retrieving a search pattern from the memory location; and 
evaluating an input string with the screening tool by ascertaining whether 
the input string includes at least a portion that matches the search pattern.

15. (ORIGINAL) The Web server input string screening method of
claim 14, wherein the evaluating of the input string comprises evaluating a URL.

16. (ORIGINAL) The Web server input string screening method of
claim 14, wherein the evaluating of the input string comprises evaluating a portion
of an HTTP verb request.

17. (ORIGINAL) A computer-readable medium having computer-
readable instructions thereon which, when executed by a computer, perform the
method of claim 14.

18. (Currently Amended) A Web server input string screening tool 
embodied on a computer-readable medium comprising: 

a pattern matching engine that is configured to receive an input string that 
is intended for use by a Web server and evaluate the input string to ascertain 
whether it likely constitutes an attack on the Web server, the attack comprising 
one or more of a disclosure attack or [[,]] an integrity attack
[[or a denial of service attack]] on the Web server, and

one or more patterns that are usable by the pattern matching engine to
evaluate the input string, the patterns being defined in a manner that permits
variability among the constituent parts of the one or more patterns.

19. (ORIGINAL) The Web server input string screening tool of claim
18, wherein the one or more patterns are specified as regular expressions.

20. (ORIGINAL) The Web server input string screening tool of claim
18, wherein the pattern matching engine is configured to receive an input string
that comprises a URL.

21. (ORIGINAL) The Web server input string screening tool of claim
18, wherein the pattern matching engine is configured to receive an input string
that comprises a portion of an HTTP verb request.



22. (Currently Amended) One or more computer readable media 
having computer-readable instructions thereon which, when executed by a 
computer perform the following steps: 

receiving an input string that is intended for use by a Web server, 

evaluating the input string using a search pattern to ascertain whether the
input string contains an attack pattern that can be used to attack the Web server,
the attack pattern comprising content that is [[designed to constitute]] determined as
constituting one or more of a disclosure attack or [[,]] an integrity attack
[[or a denial of service attack]] on the Web server, the search pattern comprising literal
characters and special characters, wherein literal characters indicate exact
characters in the input string, and the special characters indicate variable
characters in the input string; and

implementing a remedial action if an attack pattern is found that matches
the search pattern.

23. (ORIGINAL) The computer-readable media of claim 22, wherein
said implementing comprises denying a request that is associated with the input
string.

24. (ORIGINAL) The computer-readable media of claim 22, wherein
said receiving comprises receiving a URL. 

25. (ORIGINAL) The computer-readable media of claim 22, wherein 
said receiving comprises receiving an input string that is associated with an HTTP 
verb request. 

26. (Currently Amended) A [[collection of Web server screening
patterns embodied on a computer readable medium]] Web server comprising:

a processor and one or more computer-readable media;
a memory; and

a plurality of patterns stored in the [[memory]] one or more computer-readable
media, the patterns being useable by the Web server processor to screen input
strings [[that are intended for use by a Web server]] to ascertain whether the input
strings comprise attack patterns, the attack patterns comprising content that is
[[designed to constitute]] determined as constituting one or more of a disclosure
attack or [[,]] an integrity attack [[or a denial of service attack]] on the Web server,
individual patterns being defined in a manner that permits variability among their
constituent parts.

27. (Currently Amended) The [[collection]] system of claim 26, wherein
the patterns are specified as regular expressions.

28. (Currently Amended) The [[collection]] system of claim 26, wherein
the collection is adapted for addition to, deletion of, or modification of patterns.

29. (Currently Amended) The [[collection]] system of claim 26, wherein
the patterns are configured for use in screening URLs that are intended for use by
a Web server.

30. (Currently Amended) The [[collection]] system of claim 26, wherein
the patterns are configured for use in screening input strings associated with HTTP
verb requests that are intended for use by a Web server.

31. (Currently Amended) The [[collection]] system of claim 26
configured for use by an ISAPI extension.

32-34. (Canceled).
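
The screening flow recited in claims 1, 7, 8 and 28 (stored regular-expression patterns, evaluation of a URL and HTTP verb, denial on a match), shown as an added example that is not part of the application. The class and function names, the three sample patterns and the repeated percent-decoding step are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import unquote


@dataclass
class PatternStore:
    """Memory location holding named search patterns; entries can be added or removed."""
    patterns: dict = field(default_factory=dict)

    def add(self, name, category, regex):
        self.patterns[name] = (category, re.compile(regex, re.IGNORECASE))

    def remove(self, name):
        self.patterns.pop(name, None)


def normalize(url, max_rounds=3):
    """Percent-decode repeatedly so singly and doubly encoded input meets the same pattern."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url.replace("\\", "/")


def screen(store, verb, url):
    """Evaluate one request; return (allowed, [(pattern name, attack category), ...])."""
    subject = f"{verb.upper()} {normalize(url)}"
    hits = [(name, cat) for name, (cat, rx) in store.patterns.items()
            if rx.search(subject)]
    return (not hits, hits)  # remedial action: deny the request on any match


def default_store():
    """Constructed sample patterns mixing literal and special characters."""
    store = PatternStore()
    # ".." as a whole path segment (disclosure: reaching files outside the web root)
    store.add("dir-traversal", "disclosure", r"/\.\.(/|$)")
    # request for a leftover backup or include file (disclosure of source)
    store.add("backup-file", "disclosure", r"\.(bak|old|inc)(\?|$)")
    # verbs that modify server content (integrity), per an assumed site policy
    store.add("modifying-verb", "integrity", r"^(PUT|DELETE)\s")
    return store
```

Matching runs against the decoded form, so a pattern written for the literal characters still applies when a request encodes them once or twice.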